Mailing List Archive

'best' source for building a contemporary qmail server?
The subject sounds like a naive question, but let me provide some
background.

I have several qmail servers I put together, both many years old,
some going back to the nineties. There has been some local patching
over time, as my needs developed, but they've been stable for a lot
of years at this point.

This spring, Google decided to be dicks, and started rejecting my
email, with very uninformative messages in the bounces.

Sparing everyone here a detailed rant, it boils down to I need to
bite the bullet and tackle a bunch of reasonably-necessary features
like DKIM, TLS, etc.

As I'm running a bunch of ancient 32-bit distributions, for which the
necessary development libraries are not available, I guess now's
the time for a big update on the whole mess.

What I'm looking for is a contemporary and reasonably complete set
of instructions for pulling this all together.

On the surface, it looks like the venerable qmailtoaster.com site
will cover my bases, but I was wondering if the community is aware
of other options.

Vague arm-wavy concerns:

- qmailtoaster.com only seems to discuss CentOS 5, which is EOL,
and I'm worried that there may be a lot of divergence from what
a contemporary Fedora-ish distribution would need.

(Heck, I've already sparred with daemontools vs systemd, and that
was annoying...)

- I'm lazy, and want to avoid the manual gathering and patching.

I hoped I could find an all-signing, all-dancing container I would
just deploy, or a set of binaries, to save myself time.

I did find https://github.com/mbhangui/indimail-mta , but on the
surface, that looks like a whole ecosystem, but I can't tell how
divergent it is from a classic qmail server.

As I dug deeper, it looks like they actually have a lot of binary
packages for several OS distributions.

So - anyone willing to volunteer an opinion?

- Go the route of building from source a la Qmail Toaster?

- Dive deep into indimail-mta and the curated binaries? (Impressive
work, whoever's running that project, BTW.)

- Some other option I haven't considered? I'm not married to any
particular BSD/Linux distro.

As always, I'd appreciate any feedback...

--
Brian Reichert <reichert@numachi.com>
BSD admin/developer at large
Re: 'best' source for building a contemporary qmail server?
The "notqmail" project [0] is quite active on Libera IRC, though they
haven't done an official release in a while. I think that'll end up
being one of the main distributions/patchsets going forward. I have high
hopes that it'll be able to shed some of the legacy cruft and drag us
into the 2010s. :)

[0] https://github.com/notqmail/notqmail

On 2022-06-24 12:27, Brian Reichert wrote:
> What I'm looking for is a contemporary and reasonably complete set
> of instructions for pulling this all together.
>
> On the surface, it looks like the venerable qmailtoaster.com site
> will cover my bases, but I was wondering if the community is aware
> of other options.
>
> Vague arm-wavy concerns:
>
> - qmailtoaster.com only seems to discuss CentOS 5, which is EOL,
> and I'm worried that there may be a lot of divergence from what
> a contemporary Fedora-ish distribution would need.
>
> (Heck, I've already sparred with daemontools vs systemd, and that
> was annoying...)
>
> - I'm lazy, and want to avoid the manual gathering and patching.
>
> I hoped I could find an all-signing, all-dancing container I would
> just deploy, or a set of binaries, to save myself time.
>
> I did find https://github.com/mbhangui/indimail-mta , but on the
> surface, that looks like a whole ecosystem, but I can't tell how
> divergent it is from a classic qmail server.
>
> As I dug deeper, it looks like they actually have a lot of binary
> packages for several OS distributions.
>
> So - anyone willing to volunteer an opinion?
>
> - Go the route of building from source a la Qmail Toaster?
>
> - Dive deep into indimail-mta and the curated binaries? (Impressive
> work, whoever's running that project, BTW.)
>
> - Some other option I haven't considered? I'm not married to any
> particular BSD/Linux distro.
>
> As always, I'd appreciate any feedback...
>
Re: 'best' source for building a contemporary qmail server?
On Sat, 25 Jun 2022 at 00:59, Brian Reichert <reichert@numachi.com> wrote:
>
> The subject sounds like a naive question, but let me provide some
> background.
>
> I have several qmail servers I put together, both many years old,
> some going back to the nineties. There has been some local patching
> over time, as my needs developed, but they've been stable for a lot
> of years at this point.
>
> This spring, Google decided to be dicks, and started rejecting my
> email, with very uninformative messages in the bounces.
>
> Sparing everyone here a detailed rant, it boils down to I need to
> bite the bullet and tackle a bunch of reasonably-necessary features
> like DKIM, TLS, etc.
>
I'm the developer for indimail-mta. And yes, it does have all the
features you mentioned and it is a complete ecosystem.

> What I'm looking for is a contemporary and reasonably complete set
> of instructions for pulling this all together.
>

If you are keen, I can help you set up indimail-mta. We can continue
the discussion offline on emails

>
> I did find https://github.com/mbhangui/indimail-mta , but on the
> surface, that looks like a whole ecosystem, but I can't tell how
> divergent it is from a classic qmail server.
>

It is very much divergent from the classic qmail server. All binaries
are in /usr/bin, /usr/sbin. control files in /etc. That is because it
is FHS compliant.

And then there are two other distributions being actively developed

notqmail - https://github.com/notqmail/notqmail. If you are
specifically looking for DKIM, I do have a DKIM patch for notqmail. It
too has binaries like indimail-mta for most linux distros.

s/qmail - https://www.fehcom.de/sqmail/sqmail.html

And then there is a toaster for a complete build like qmailtoaster
https://notes.sagredo.eu/en/qmail-notes-185/qmail-vpopmail-dovecot-roberto-s-qmail-notes-8.html

--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
Re: 'best' source for building a contemporary qmail server?
On Fri, June 24, 2022 15:27, Brian Reichert wrote:
> I have several qmail servers I put together, both many years old,
> some going back to the nineties. There has been some local patching
> over time, as my needs developed, but they've been stable for a lot
> of years at this point.
>
> This spring, Google decided to be dicks, and started rejecting my
> email, with very uninformative messages in the bounces.

I apologize for not adding anything substantial to the conversation, but
that is definitely one of the ironically less-pleasing qualities of qmail.
I set this very server up around nine or ten years ago following life with
qmail, and aside from adding aliases and renewing TLS certificates, I have
done basically nothing to it to this day.

When tools become so reliable as to forget how they came about in the
first place is a scary place to be. Were my server completely
unrecoverable tomorrow, I *believe* I have an archive of all the patches I
used saved, and I *think* I remember all the configuration I did to it. (I
have multiple backups; that's not the issue.)

To make it somewhat relevant to this thread, I have patches I currently
use for IPv6 support, verifying incoming RCPT TO mail is in a
validrcpthosts file, and (both verifying incoming and signing outgoing)
DKIM. If that helps at all, I'm happy to share with the list.

--
4057 0DA0 0983 FFA1 8756 670F 754A 0CB9 A367 275B
https://devnull.iamdevnull.info/devnull.gpg
Re: 'best' source for building a contemporary qmail server?
On Sat, 25 Jun 2022 at 00:59, Brian Reichert <reichert@numachi.com> wrote:
> - I'm lazy, and want to avoid the manual gathering and patching.
>
> I hoped I could find an all-signing, all-dancing container I would
> just deploy, or a set of binaries, to save myself time.

Somehow this escaped my attention. indimail-mta comes with containers
for Fedora, almalinux, alpine, debian, ubuntu, openSUSE, archlinux,
gentoo, CentOS Stream 8,9, Redhat ubi8.
I'm not an expert on containers, but with basic knowledge I created
containers and I know someone who is using indimail-mta with
kubernetes and at least one user in this list using the fedora
container.

Just 3 steps are needed to run indimail-mta as shown below. You just
need docker or podman installed on your linux or macbook machine.

The images are available as github packages or in the docker
repository and can be pulled

Step 1: Pull the container

# github repository
podman pull ghcr.io/mbhangui/indimail-mta:gentoo
or
docker pull ghcr.io/mbhangui/indimail-mta:gentoo

# docker repository
podman pull docker.io/cprogrammer/indimail-mta:gentoo
docker pull docker.io/cprogrammer/indimail-mta:gentoo

Step 2: Deploy the container for your domain abcdefgh.org

podman run -d --rm \
  --publish-all --name svscan \
  --device /dev/fuse \
  -h abcdefgh.org \
  --cap-add SYS_PTRACE --cap-add SYS_ADMIN \
  --cap-add IPC_LOCK --cap-add IPC_OWNER \
  --cap-add SYS_RESOURCE --cap-add NET_ADMIN \
  --cap-add CAP_NET_RAW \
  -v /home/podman/queue:/var/queue -v /home/podman/mail:/home/mail \
  e716bf178990
92d9cc7415721a56a92816854de5b82aee784b57b3dc1031a4af6583769e65f9

Step 3 - Use the container

$ ps -ef
PID USER TIME COMMAND
1 root 0:00 /usr/sbin/svscan /service
8 root 0:00 bash
12 root 0:00 supervise log .svscan
43 root 0:00 supervise qmail-send.25
44 root 0:00 supervise log qmail-send.25
324 qmails 0:00 qmail-send -s /var/indimail/queue/queue1
329 qmailq 0:00 qmail-clean /var/indimail/queue/queue1 qmail-send
330 qmails 0:00 qmail-send -s /var/indimail/queue/queue2
331 qmails 0:00 qmail-send -s /var/indimail/queue/queue3
336 qmailq 0:00 qmail-clean /var/indimail/queue/queue2 qmail-send
341 qmailq 0:00 qmail-clean /var/indimail/queue/queue3 qmail-send
342 qmails 0:00 qmail-send -s /var/indimail/queue/queue4
347 qmailq 0:00 qmail-clean /var/indimail/queue/queue4 qmail-send
348 qmails 0:00 qmail-send -s /var/indimail/queue/queue5
353 qmailq 0:00 qmail-clean /var/indimail/queue/queue5 qmail-send
179 qmaild 0:00 /usr/bin/tcpserver -v -h -R -l indimail.org -x
/etc/indimail/tcp/tcp.smtp.cdb -c variables/MAXDAEMONS \
-o -b 75 -u 104 -g 103 0 25 /usr/bin/rblsmtpd
-rdnsbl-1.uceprotect.net -rzen.spamhaus.org /usr/sbin/qmail-smtpd
snip..

$ cat /etc/indimail/control/me
abcdefgh.org
$ cat /etc/indimail/control/locals
abcdefgh.org
abcdefgh.org
localhost
...

Full documentation on indimail-mta, indimail containers are below

See https://github.com/mbhangui/indimail-docker

--
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C
Re: 'best' source for building a contemporary qmail server?
Brian Reichert <reichert@numachi.com> wrote:
>
> This spring, Google decided to be dicks, and started rejecting my
> email, with very uninformative messages in the bounces.
>
> Sparing everyone here a detailed rant, it boils down to I need to
> bite the bullet and tackle a bunch of reasonably-necessary features
> like DKIM, TLS, etc.

Note it may not be this bad (yet). Successfully delivering to Gmail keeps
getting more difficult, but the recent changes (in the last 6 months or so) do
not (for me) require DKIM and TLS.

I found that implementing SPF and DMARC DNS records for my domains was
sufficient to let my mail get through -- at least as well as it was getting
through before the change.

> What I'm looking for is a contemporary and reasonably complete set
> of instructions for pulling this all together.
>
> On the surface, it looks like the venerable qmailtoaster.com site
> will cover my bases, but I was wondering if the community is aware
> of other options.

qmailtoaster was never to my taste. I haven't looked at it in years, though.

Erwin Hoffmann has the well-thought-of s/qmail:

https://www.fehcom.de/sqmail/

This is one I've always meant to try, but have not yet got around to it. As
you mention, when what you've got Just Works it's difficult to make playing
with it a high priority.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
Re: 'best' source for building a contemporary qmail server?
Brian,


On 2022-06-25 05:27, Brian Reichert wrote:
> The subject sounds like a naive question, but let me provide some
> background.
>
> I have several qmail servers I put together, both many years old,
> some going back to the nineties. There has been some local patching
> over time, as my needs developed, but they've been stable for a lot
> of years at this point.


I was in a somewhat similar situation to you and eventually settled on
testing out indimail-mta - it has been working for a few years now
and Manvendra has been particularly helpful - I fairly quickly moved the
system onto a Fedora Podman container (which suits me much better than
Docker) and it has been pretty stable. I still have some battles with
DKIM and SPF etc but I get the impression that that exercise is going to
go on forever - it is an arms race . .

Phil.


> This spring, Google decided to be dicks, and started rejecting my
> email, with very uninformative messages in the bounces.
>
> Sparing everyone here a detailed rant, it boils down to I need to
> bite the bullet and tackle a bunch of reasonably-necessary features
> like DKIM, TLS, etc.
>
> As I'm running a bunch of ancient 32-bit distributions, for which the
> necessary development libraries are not available, I guess now's
> the time for a big update on the whole mess.
>
> What I'm looking for is a contemporary and reasonably complete set
> of instructions for pulling this all together.
>
> On the surface, it looks like the venerable qmailtoaster.com site
> will cover my bases, but I was wondering if the community is aware
> of other options.
>
> Vague arm-wavy concerns:
>
> - qmailtoaster.com only seems to discuss CentOS 5, which is EOL,
> and I'm worried that there may be a lot of divergence from what
> a contemporary Fedora-ish distribution would need.
>
> (Heck, I've already sparred with daemontools vs systemd, and that
> was annoying...)
>
> - I'm lazy, and want to avoid the manual gathering and patching.
>
> I hoped I could find an all-signing, all-dancing container I would
> just deploy, or a set of binaries, to save myself time.
>
> I did find https://github.com/mbhangui/indimail-mta , but on the
> surface, that looks like a whole ecosystem, but I can't tell how
> divergent it is from a classic qmail server.
>
> As I dug deeper, it looks like they actually have a lot of binary
> packages for several OS distributions.
>
> So - anyone willing to volunteer an opinion?
>
> - Go the route of building from source a la Qmail Toaster?
>
> - Dive deep into indimail-mta and the curated binaries? (Impressive
> work, whoever's running that project, BTW.)
>
> - Some other option I haven't considered? I'm not married to any
> particular BSD/Linux distro.
>
> As always, I'd appreciate any feedback...

--
Philip Rhoades

PO Box 896
Cowra NSW 2794
Australia
E-mail: phil@pricom.com.au
Re: 'best' source for building a contemporary qmail server?
Hi together,


On Friday, 24.06.2022 at 22:11 -0600, Charles Cazabon wrote:
> Brian Reichert <reichert@numachi.com> wrote:
> >
> > This spring, Google decided to be dicks, and started rejecting my
> > email, with very uninformative messages in the bounces.
> >
> > Sparing everyone here a detailed rant, it boils down to I need to
> > bite the bullet and tackle a bunch of reasonably-necessary features
> > like DKIM, TLS, etc.
>
> Note it may not be this bad (yet).  Successfully delivering to Gmail
> keeps
> getting more difficult, but the recent changes (in the last 6 months
> or so) do
> not (for me) require DKIM and TLS.
>
> I found that implementing SPF and DMARC DNS records for my domains
> was
> sufficient to let my mail get through -- at least as well as it was
> getting
> through before the change.
>
> > What I'm looking for is a contemporary and reasonably complete set
> > of instructions for pulling this all together.
> >
> > On the surface, it looks like the venerable qmailtoaster.com site
> > will cover my bases, but I was wondering if the community is aware
> > of other options.
>
> qmailtoaster was never to my taste.  I haven't looked at it in years,
> though.
>
> Erwin Hoffmann has the well-thought-of s/qmail:
>
> https://www.fehcom.de/sqmail/
>
> This is one I've always meant to try, but have not yet got around to
> it.  As
> you mention, when what you've got Just Works it's difficult to make
> playing
> with it a high priority.

I'm currently working on DKIM integration (for s/qmail) because it
seems to be mandatory now to DKIM sign the outgoing message for it not
to automatically end up in the junk folder.

Gmail delays incoming messages without DKIM signature (and I *do* have
a SPF record):

delivery 3097: deferral: 2a00:1450:400c:c01::1a_failed_after_I_sent_the_message./Remote_host_said:_421-4.7.0_This_message_does_not_have_authentication_information_or_fails_to_pass/421-4.7.0_authentication_checks_(SPF_or_DKIM)._To_best_protect_our_users_from/421-4.7.0_spam,_the_message_has_been_blocked._Please_visit/421-4.7.0__https://support.google.com/mail/answer/81126#authentication_for_more/421_4.7.0_information._e13-20020a5d6d0d000000b0021845ace950si8127320wrq.346_-_gsmtd/

In case you depend on DKIM signatures, Kai Peter has set up a DKIM
extension for *qmail:

https://gitlab.com/kaili/qdkim

This requires his qlibs in addition but should work out of the box (for
Linux; *BSD needs some changes in the installation routines).


The underpinning libdkim is C++; but the code quality is quite good;
except RFC 8463 (Ed25519-sha256 signatures) are not covered yet. To be
on my todo list.

Regards.
--eh.

BTW: My djbdnscurve6 supports generating DKIM records for tinydns
already.



> Charles

--
Dr. Erwin Hoffmann | www.fehcom.de
PGP key-id: 20FD6E671A94DC1E
PGP key-fingerprint: 8C6B 155B 0FDA 64F1 BCCE A6B9 20FD 6E67 1A94 DC1E
Re: 'best' source for building a contemporary qmail server?
hello eh,

> Gmail delays incoming messages without DKIM signature (and I *do* have
> a SPF record):

by how long? i did not notice this yet.
since you say you had an spf record, did you have the proper dmarc record, too?
Re: 'best' source for building a contemporary qmail server?
Thus said Charles Cazabon on Fri, 24 Jun 2022 22:11:49 -0600:

> I found that implementing SPF and DMARC DNS records for my domains was
> sufficient to let my mail get through -- at least as well as it was
> getting through before the change.

I've never implemented any of these: DKIM, DMARC, SPF, or any of the other
DNS trickery for spam delivery.

I don't recall having had email rejected from Gmail, however,
occasionally they mark the email as spam and when that happens I ask the
recipient why their email provider marks legitimate email as spam and
ask them to click the "Not Spam" button.

My qmail installation is mostly vanilla qmail with maybe one or two
patches (the CNAME patch being one of them).

Works for me. :-)

Andy
Re: 'best' source for building a contemporary qmail server?
Andy Bradford <amb-sendok-1658757575.oogghkihpbcehoiebdga@bradfords.org> wrote:
>
> > I found that implementing SPF and DMARC DNS records for my domains was
> > sufficient to let my mail get through -- at least as well as it was
> > getting through before the change.
>
> I've never implemented any of these: DKIM, DMARC, SPF, or any of the other
> DNS trickery for spam delivery.

DKIM is somewhat involved and requires modifying the system mail handling, but
SPF and DMARC are just DNS text records, and are easy to implement.

The only problem I've found is that there are tons of sites that violate the
SPF standards by checking the From: header address's domain against SPF,
rather than just the envelope sender address. This means every time I send
email to a mailing list, I get a bunch of crappy SPF bounce messages from
those misconfigured MTAs.

> I don't recall having had email rejected from Gmail, however,
> occasionally they mark the email as spam and when that happens I ask the
> recipient why their email provider marks legitimate email as spam and
> ask them to click the "Not Spam" button.

The problem the OP is talking about is more severe. For many postmasters, a
few months ago much mail to Gmail started silently disappearing (not in
spam/junk folders, not rejected at SMTP time).

I definitely experienced this myself. It was like I didn't exist as far as
Gmail users were concerned.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
Re: 'best' source for building a contemporary qmail server?
Thus said Charles Cazabon on Sat, 25 Jun 2022 09:32:48 -0600:

> The problem the OP is talking about is more severe. For many
> postmasters, a few months ago much mail to Gmail started silently
> disappearing (not in spam/junk folders, not rejected at SMTP time).

This problem isn't new. I've actually had numerous occasions where email
delivery to Gmail just disappears. This has been going on since at least
2005 (perhaps longer) if I remember well. I've also documented numerous
times this behavior, though cannot find any sources at the moment.

If I recall correctly this has something to do with some technology that
Gmail uses that assigns a trust score to the sender's IP space and the
lowest score just gets delivered to /dev/null.

Of course if one has qmail logs, it is possible to report the problem to
Gmail using the ID that gets sent during the SMTP transaction, however,
it's likely to fall on deaf ears.

Andy
Re: 'best' source for building a contemporary qmail server?
Andy Bradford <amb-sendok-1658767365.lilbhkbeiapcojacnfik@bradfords.org> wrote:
>
> Of course if one has qmail logs, it is possible to report the problem to
> Gmail using the ID that gets sent during the SMTP transaction, however,
> it's likely to fall on deaf ears.

I have yet to find a way to report such an incident to Gmail/Google that gets
*any* response. I'd be curious to know what channel you used.

Charles
--
--------------------------------------------------------------------------
Charles Cazabon
GPL'ed software available at: http://pyropus.ca/software/
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
--------------------------------------------------------------------------
Re: 'best' source for building a contemporary qmail server?
Hi,



On Saturday, 25.06.2022 at 13:39 +0200, hiro wrote:
> hello eh,
>
> > Gmail delays incoming messages without DKIM signature (and I *do*
> > have
> > a SPF record):
>
> by how long? i did not notice this yet.
> since you say you had an spf record, did you have the proper dmarc
> record, too?

you can check the SPF records for my domains (fehcom.de, fehcom.net) by
yourself. As I said: No other information is present for these domains.

Now, let's diagnose the problem a bit. Here are three mails from my
mailing list to gmail (recipient obfuscated):



E-Mail no. 102 with Msg-No: 28872454 Del-Id: 2767 QP-Id: 25095 U-Id: 7004 - From: <sqmail-return-765-@mail.fehcom.net-@[]> - To: <a*453@gmail.com>
2022-06-03 18:09:55.552135500 new msg 28872454
2022-06-03 18:09:55.552140500 info msg 28872454 bytes 3861 from sqmail-return-765-@mail.fehcom.net-@[] qp 25095 uid 7004
2022-06-03 18:09:55.552210500 starting delivery 2767 msg 28872454 to remote a*1453@gmail.com
2022-06-03 18:09:56.366847500 delivery 2767 success 2a00:1450:400c:c01::1b_TLS_transmitted_message_accepted./Remote_host_said:_250_2.0.0_OK__1654279796_n13-20020a5d588d000000b0020fdfe01505si9046415wrf.715_-_gsmtp/
2022-06-03 18:16:50.476012500 end msg 28872454

E-Mail no. 103 with Msg-No: 28872433 Del-Id: 2846 QP-Id: 27041 U-Id: 7004 - From: <sqmail-return-766-@mail.fehcom.net-@[]> - To: <a*453@gmail.com>
2022-06-03 18:29:22.277966500 new msg 28872433
2022-06-03 18:29:22.277970500 info msg 28872433 bytes 3444 from sqmail-return-766-@mail.fehcom.net-@[] qp 27041 uid 7004
2022-06-03 18:29:22.278042500 starting delivery 2846 msg 28872433 to remote a*453@gmail.com
2022-06-03 18:29:23.078573500 delivery 2846 success 2a00:1450:400c:c01::1a_TLS_transmitted_message_accepted./Remote_host_said:_250_2.0.0_OK__1654280963_7-20020a056000156700b0021554345be6si2589921wrz.136_-_gsmtp/
2022-06-03 18:36:07.387505500 end msg 28872433

E-Mail no. 104 with Msg-No: 28872475 Del-Id: 2992 QP-Id: 18489 U-Id: 7004 - From: <sqmail-return-767-@mail.fehcom.net-@[]> - To: <alivelioglu1453@gmail.com>
2022-06-06 23:07:08.375789500 new msg 28872475
2022-06-06 23:07:08.375793500 info msg 28872475 bytes 6533 from sqmail-return-767-@mail.fehcom.net-@[] qp 18489 uid 7004
2022-06-06 23:07:08.375860500 starting delivery 2992 msg 28872475 to remote a*453@gmail.com
2022-06-06 23:07:11.197950500 delivery 2992 failure 2a00:1450:400c:c06::1b_failed_after_I_sent_the_message./Remote_host_said:_550-5.7.1_[2001:470:1f0a:58c::2______12]_Our_system_has_detected_that_this/550-5.7.1_message_is_likely_unsolicited_mail._To_reduce_the_amount_of_spam_sent/550-5.7.1_to_Gmail,_this_message_has_been_blocked._Please_visit/550-5.7.1__https://support.google.com/mail/?p=UnsolicitedMessageError/550_5.7.1__for_more_information._i1-20020a5d55c1000000b00210307b2ea5si16239379wrw.207_-_gsmtp/
2022-06-07 15:07:14.890381500 end msg 28872475


This is quite typical. I needed three attempts to get the mail thru.
Following observations:

1. I recognized the deferral first end of May 2022 (actually May,
30th).
2. It concerns IPv6 senders, where blacklisting is difficult to manage
(though my rblsmtpd can do).

AFAIK Google uses a substantial IPv4 black list to reject spam from
those sites. Here, I'm using IPv6 from a HE block.

The policy Google uses for different IPs is not disclosed and might be
different for other MTAs given their IP or domain name.

@Charles: And yes; s/qmail uses a full-feature SPF checking for qmail-
smtpd; but I only use it in annotation mode. SRS on the sending site is
available as well.

These are requirements from the users of s/qmail running (still) public
mail services.

Regards.
--eh.


--
Dr. Erwin Hoffmann | www.fehcom.de
PGP key-id: 20FD6E671A94DC1E
PGP key-fingerprint: 8C6B 155B 0FDA 64F1 BCCE A6B9 20FD 6E67 1A94 DC1E
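
Added example (not part of the original message, and not code from qmail or s/qmail): a Python parser for delivery lines like the ones quoted above, which decodes the remote SMTP reply, keeps URLs inside it intact, and separates authentication deferrals from spam-verdict rejections. It assumes tai64nlocal-formatted qmail-send logs; the sample lines are constructed (documentation addresses, QUEUE-ID placeholders) and the category names are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the log excerpts in this thread, with
# wrapped lines rejoined. Server addresses use the 2001:db8::/32 documentation
# prefix and Gmail's trailing queue ids are replaced by QUEUE-ID.
SAMPLE_LOG = "\n".join([
    "2022-06-03 18:09:55.552210500 starting delivery 2767 msg 28872454 to remote a*453@gmail.com",
    "2022-06-03 18:09:56.366847500 delivery 2767 success 2001:db8::1b_TLS_transmitted_message_accepted./Remote_host_said:_250_2.0.0_OK__1654279796_QUEUE-ID_-_gsmtp/",
    "2022-06-05 09:00:00.000000500 starting delivery 3097: msg 28872460 to remote a*453@gmail.com",
    "2022-06-05 09:00:02.000000500 delivery 3097: deferral: 2001:db8::1a_failed_after_I_sent_the_message./Remote_host_said:_421-4.7.0_This_message_does_not_have_authentication_information_or_fails_to_pass/421-4.7.0_authentication_checks_(SPF_or_DKIM)._To_best_protect_our_users_from/421-4.7.0_spam,_the_message_has_been_blocked._Please_visit/421-4.7.0__https://support.google.com/mail/answer/81126#authentication_for_more/421_4.7.0_information._QUEUE-ID_-_gsmtp/",
    "2022-06-06 23:07:08.375860500 starting delivery 2992 msg 28872475 to remote a*453@gmail.com",
    "2022-06-06 23:07:11.197950500 delivery 2992 failure 2001:db8::1b_failed_after_I_sent_the_message./Remote_host_said:_550-5.7.1_[2001:db8::2]_Our_system_has_detected_that_this/550-5.7.1_message_is_likely_unsolicited_mail._To_reduce_the_amount_of_spam_sent/550-5.7.1_to_Gmail,_this_message_has_been_blocked._Please_visit/550-5.7.1__https://support.google.com/mail/?p=UnsolicitedMessageError/550_5.7.1__for_more_information._QUEUE-ID_-_gsmtp/",
    "2022-06-07 08:00:00.000000500 delivery 3101: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/",
])

START_RE = re.compile(r"starting delivery (\d+):? msg \d+ to remote (\S+)")
# Stock qmail writes "delivery N: deferral: ..."; the excerpts in this thread
# omit the colons, so both spellings are accepted.
DONE_RE = re.compile(r"delivery (\d+):? (success|deferral|failure):? (\S*)")
REPLY_RE = re.compile(r"(\d{3})[- ](?:(\d\.\d{1,3}\.\d{1,3}) )?\s*(.*)")
QMAIL_CODE_RE = re.compile(r"\(#(\d\.\d{1,3}\.\d{1,3})\)")
MARKER = "Remote_host_said:_"


@dataclass
class Delivery:
    delivery_id: int
    recipient: Optional[str]   # None when the "starting delivery" line is missing
    outcome: str               # success / deferral / failure
    smtp_code: Optional[int]   # None when the remote host never replied
    enhanced: Optional[str]    # enhanced status code such as "4.7.0"
    text: str
    category: str


def split_reply(status):
    """Decode the remote reply: spaces were logged as "_", line breaks as "/"."""
    _, found, reply = status.partition(MARKER)
    if not found:
        return []
    # A "/" is a line break only if a new reply line ("NNN-" or "NNN ") follows
    # or the status ends there; every other "/" belongs to a URL in the text.
    parts = re.split(r"/(?=\d{3}[-_]|$)", reply)
    return [part.replace("_", " ") for part in parts if part]


def categorize(outcome, enhanced, text):
    if outcome == "success":
        return "accepted"
    # Enhanced status codes x.7.z are the security/policy class (RFC 3463).
    if enhanced and enhanced.split(".")[1] == "7":
        lowered = text.lower()
        if "authentication" in lowered:
            return "policy-authentication"
        if "unsolicited" in lowered:
            return "policy-spam-verdict"
        return "policy-other"
    return "other"


def parse_log(log):
    recipients, deliveries = {}, []
    for line in log.splitlines():
        started = START_RE.search(line)
        if started:
            recipients[int(started.group(1))] = started.group(2)
            continue
        done = DONE_RE.search(line)
        if not done:
            continue
        delivery_id, outcome, status = int(done.group(1)), done.group(2), done.group(3)
        code, enhanced, texts = None, None, []
        for reply_line in split_reply(status):
            parsed = REPLY_RE.fullmatch(reply_line)
            if parsed:
                code = int(parsed.group(1))
                enhanced = parsed.group(2) or enhanced
                texts.append(parsed.group(3).strip())
        if code is None:  # no remote reply: keep qmail's own "(#x.y.z)" text
            local = QMAIL_CODE_RE.search(status)
            enhanced = local.group(1) if local else None
            texts = [status.rstrip("/").replace("_", " ")]
        text = " ".join(t for t in texts if t)
        deliveries.append(Delivery(delivery_id, recipients.get(delivery_id), outcome,
                                   code, enhanced, text,
                                   categorize(outcome, enhanced, text)))
    return deliveries


def summarize(deliveries):
    """Count deliveries per category, e.g. to watch for policy blocks over time."""
    return Counter(d.category for d in deliveries)
```

Underscores that were part of the original reply text cannot be told apart from encoded spaces, so the decoded text is for reading and matching, not for exact reproduction.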
Re: 'best' source for building a contemporary qmail server?
yes, i was aware that google does things differently on ipv6.

as long as you use ipv4, i think the consensus is still that DKIM
provides no advantages for google mail deliveries.

On 6/26/22, Erwin Hoffmann <feh@fehcom.de> wrote:
> Hi,
>
>
>
> On Saturday, 25.06.2022 at 13:39 +0200, hiro wrote:
>> hello eh,
>>
>> > Gmail delays incoming messages without DKIM signature (and I *do*
>> > have
>> > a SPF record):
>>
>> by how long? i did not notice this yet.
>> since you say you had an spf record, did you have the proper dmarc
>> record, too?
>
> you can check the SPF records for my domains (fehcom.de, fehcom.net) by
> yourself. As I said: No other information is present for these domains.
>
> Now, let's diagnose the problem a bit. Here are three mails from my
> mailing list to gmail (recipient obfuscated):
>
>
>
> E-Mail no. 102 with Msg-No: 28872454 Del-Id: 2767 QP-Id: 25095 U-Id: 7004 - From: <sqmail-return-765-@mail.fehcom.net-@[]> - To: <a*453@gmail.com>
> 2022-06-03 18:09:55.552135500 new msg 28872454
> 2022-06-03 18:09:55.552140500 info msg 28872454 bytes 3861 from sqmail-return-765-@mail.fehcom.net-@[] qp 25095 uid 7004
> 2022-06-03 18:09:55.552210500 starting delivery 2767 msg 28872454 to remote a*1453@gmail.com
> 2022-06-03 18:09:56.366847500 delivery 2767 success 2a00:1450:400c:c01::1b_TLS_transmitted_message_accepted./Remote_host_said:_250_2.0.0_OK__1654279796_n13-20020a5d588d000000b0020fdfe01505si9046415wrf.715_-_gsmtp/
> 2022-06-03 18:16:50.476012500 end msg 28872454
>
> E-Mail no. 103 with Msg-No: 28872433 Del-Id: 2846 QP-Id: 27041 U-Id: 7004 - From: <sqmail-return-766-@mail.fehcom.net-@[]> - To: <a*453@gmail.com>
> 2022-06-03 18:29:22.277966500 new msg 28872433
> 2022-06-03 18:29:22.277970500 info msg 28872433 bytes 3444 from sqmail-return-766-@mail.fehcom.net-@[] qp 27041 uid 7004
> 2022-06-03 18:29:22.278042500 starting delivery 2846 msg 28872433 to remote a*453@gmail.com
> 2022-06-03 18:29:23.078573500 delivery 2846 success 2a00:1450:400c:c01::1a_TLS_transmitted_message_accepted./Remote_host_said:_250_2.0.0_OK__1654280963_7-20020a056000156700b0021554345be6si2589921wrz.136_-_gsmtp/
> 2022-06-03 18:36:07.387505500 end msg 28872433
>
> E-Mail no. 104 with Msg-No: 28872475 Del-Id: 2992 QP-Id: 18489 U-Id: 7004 - From: <sqmail-return-767-@mail.fehcom.net-@[]> - To: <alivelioglu1453@gmail.com>
> 2022-06-06 23:07:08.375789500 new msg 28872475
> 2022-06-06 23:07:08.375793500 info msg 28872475 bytes 6533 from sqmail-return-767-@mail.fehcom.net-@[] qp 18489 uid 7004
> 2022-06-06 23:07:08.375860500 starting delivery 2992 msg 28872475 to remote a*453@gmail.com
> 2022-06-06 23:07:11.197950500 delivery 2992 failure 2a00:1450:400c:c06::1b_failed_after_I_sent_the_message./Remote_host_said:_550-5.7.1_[2001:470:1f0a:58c::2______12]_Our_system_has_detected_that_this/550-5.7.1_message_is_likely_unsolicited_mail._To_reduce_the_amount_of_spam_sent/550-5.7.1_to_Gmail,_this_message_has_been_blocked._Please_visit/550-5.7.1__https://support.google.com/mail/?p=UnsolicitedMessageError/550_5.7.1__for_more_information._i1-20020a5d55c1000000b00210307b2ea5si16239379wrw.207_-_gsmtp/
> 2022-06-07 15:07:14.890381500 end msg 28872475
>
>
> This is quite typical. I needed three attempts to get the mail thru.
> Following observations:
>
> 1. I recognized the deferral first end of May 2022 (actually May,
> 30th).
> 2. It concerns IPv6 senders, where blacklisting is difficult to manage
> (though my rblsmtpd can do).
>
> AFAIK Google uses a substantial IPv4 black list to reject spam from
> those sites. Here, I'm using IPv6 from a HE block.
>
> The policy Google uses for different IPs is not disclosed and might be
> different for other MTAs given their IP or domain name.
>
> @Charles: And yes; s/qmail uses a full-feature SPF checking for qmail-
> smtpd; but I only use it in annotation mode. SRS on the sending site is
> available as well.
>
> These are requirements from the users of s/qmail running (still) public
> mail services.
>
> Regards.
> --eh.
>
>
> --
> Dr. Erwin Hoffmann | www.fehcom.de
> PGP key-id: 20FD6E671A94DC1E
> PGP key-fingerprint: 8C6B 155B 0FDA 64F1 BCCE A6B9 20FD 6E67 1A94 DC1E
>
>
Re: 'best' source for building a contemporary qmail server?
On Sat, Jun 25, 2022 at 03:34:28PM +1000, Philip Rhoades wrote:
> I was in a somewhat similar situation to you and eventually settled on
> testing out indimail-mta - it has been working for a few years now
> and Manvendra has been particularly helpful - I fairly quickly moved the
> system onto a Fedora Podman container (which suits me much better than
> Docker) and it has been pretty stable. I still have some battles with
> DKIM and SPF etc but I get the impression that that exercise is going to
> go on forever - it is an arms race . .

I want to voice appreciation to you, and the whole community, for
the many good suggestions.

I think I'll start with exploring a indimail-mta installation, and
see if I can wrap my head around it.

Thanks again!

>
> Phil.
>

> --
> Philip Rhoades
>
> PO Box 896
> Cowra NSW 2794
> Australia
> E-mail: phil@pricom.com.au

--
Brian Reichert <reichert@numachi.com>
BSD admin/developer at large